Lead Engineer, Security Incident Response & Operations
SG
Job Description
Overview
As the Lead Engineer for Security Incident Response & Operations, you will be responsible for managing cybersecurity incidents, monitoring security operations, and supporting the organization’s overall cyber defence capabilities within telecommunication and enterprise environments.
The role includes incident detection, analysis, containment, recovery coordination, operational governance, and collaboration with SOC teams, MSSP providers, and technology stakeholders to ensure effective security operations and timely incident response. In addition, the role calls for a desire to learn, to think out of the box, and to introduce new security initiatives that support Day 1 and Day 2 responsibilities.
Job Duties and Responsibilities
• Monitor, investigate, and respond to security alerts, incidents, and suspicious activities across network, endpoint, cloud, and security platforms.
• Perform incident triage, impact assessment, root cause analysis, containment, eradication, and recovery coordination.
• Investigate malware infections, ransomware activities, phishing attacks, unauthorized access attempts, and security breaches.
• Coordinate with MSSP, SOC, infrastructure, cloud, and application teams during security incident investigations and remediation activities.
• Conduct threat hunting and proactive investigations using SIEM, EDR, and threat intelligence platforms.
• Analyze indicators of compromise (IOC), indicators of attack (IOA), and attack patterns using MITRE ATT&CK framework.
• Support digital forensic investigations and evidence collection when required.
• Monitor daily security operations activities across telecommunication and enterprise infrastructure environments.
• Review and tune detection rules, use cases, alert thresholds, and correlation logic to improve detection accuracy and reduce false positives.
• Coordinate with vendors and MSSP providers for operational governance, SLA management, incident handling, and issue resolution.
• Develop and maintain Standard Operating Procedures (SOPs), playbooks, operational runbooks, and technical documentation.
• Support audit, compliance, governance, and regulatory requirements related to cybersecurity operations.
• Prepare operational dashboards, KPI reports, governance metrics, and security operations updates for management review.
• Participate in 24x7 on-call support and incident escalation activities whenever required, including being on standby.
• Lead and work with cross-functional stakeholders and processes to meet business requirements.
Qualifications
• Bachelor’s degree in Information Technology, Computer Science, Cyber Security, or a related discipline.
• 4 – 6 years of experience in Security Operations Center (SOC), Incident Response, Cybersecurity Operations, or Threat Management roles.
• Familiarity with SIEM, EDR, Threat Intelligence, and security monitoring platforms.
• Good understanding of incident response lifecycle, malware analysis, threat detection, incident forensics and security investigations.
• Experience working with MSSP/SOC providers and managing operational governance.
• Knowledge of Windows, Linux, cloud, network, and hybrid infrastructure security environments.
• Familiarity with frameworks such as MITRE ATT&CK, NIST, ISO 27001, and Cyber Kill Chain.
• Experience with scripting or automation using PowerShell, Python, or Bash is an advantage.
• Certifications such as CEH, CISSP, GCIA, GCIH, Security+, or vendor-specific security certifications are good to have.
Essential Skills
• Strong analytical, troubleshooting, and incident investigation skills.
• Effective communication and stakeholder management abilities.
• Experience in security operations, incident response, and operational governance.
• Ability to work under pressure during critical incidents.
• Strong documentation, reporting, and problem-solving capabilities.
• Knowledge of SLA management, risk management, and service delivery operations.
• Ability to collaborate effectively with SOC, MSSP, infrastructure, cloud, and application teams.